AMp, posted August 2, 2009 (edited):

Removed due to lame comments. (Got it working btw). Thanks Ascend4nt for your useful information. >_<

ASM.au3

Edited August 4, 2009 by AMp

Ascend4nt, posted August 2, 2009 (edited):

Well, it looks like you were busy with adding opcodes for everything - must have been a bit frustrating! While I didn't look through all your code, I can identify several problems:

1. You are ReDimming the array, but then your loop uses 0 To Ubound($array), where it should be 0 to Ubound($array)-1.

2. In order to get any variable, or binary code to be seen by outside processes and functions, you have to pass a pointer to a DLLStruct, or in the case of regular DLLCalls where you need to just pass a number or string, then by using "str" or "int" or some other data-type declaration. DLLCall handles the conversion of 'str' to a pointer to a buffer it allocates, and the rest is passed as values (except pointers to datatypes (like int*, which is passing a ptr again)).

3. To save yourself some headaches - if you have static values available, by all means use either AutoIT Inline Assembly UDF or something like I use, Flat Assembler and then get the Binary data through either method, which can then be copied into allocated memory (and even allocated memory needs a 'DLLStruct' created when you have to write to it btw [with a pointer though]). OR easier, you could also just pass the values as parameters too - 'CreateRemoteThread' allows one to be passed along (it would be the first item on the stack past a return address) - you could pass a structure pointer if you wanted.

You could check out how I and others do it (see my Remote* UDFs in my signature - though these UDF's I was told are named poorly since they just execute from an allocated memory buffer rather than from a real 'Remote' place (other process, pc, whatever)).

Now as far as injecting into another process, THAT seems interesting, yet also possibly malicious - your code might be flagged by some antivirus program? But if you do get it to work, I would be curious how it turns out, and what would you do with injected code?
Someone else mentioned it to me - but I still don't get the purpose? I'm probably missing something obvious though. Maybe your code then has extra capabilities, extra access to running process data?

*edit: typos oops

Edited August 2, 2009 by Ascend4nt

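Added example, not part of any post in this thread: points 1 and 2 of Ascend4nt's reply, shown with harmless kernel32 queries. The variable names and the choice of GetTempPathW, GetComputerNameW and GetSystemTime are assumptions made for illustration; AMp's original script is no longer on the page.

```autoit
; Added example (constructed): array bounds and DllCall parameter passing.

; Point 1: UBound() returns the element count, so the last valid index is UBound - 1.
Local $aBytes[3] = [0x10, 0x20, 0x30]
ReDim $aBytes[5] ; existing elements are kept, the two new ones start empty
$aBytes[3] = 0x40
$aBytes[4] = 0x50
For $i = 0 To UBound($aBytes) - 1 ; "0 To UBound($aBytes)" would index past the end
    ConsoleWrite(StringFormat("index %d = 0x%02X\n", $i, $aBytes[$i]))
Next

; Point 2a: "wstr" - DllCall allocates the string buffer and passes a pointer to it.
; The filled buffer comes back in the return array at the parameter's position.
Local $aRet = DllCall("kernel32.dll", "dword", "GetTempPathW", "dword", 260, "wstr", "")
If @error Then Exit 1
ConsoleWrite("Temp path: " & $aRet[2] & @CRLF)

; Point 2b: "dword*" - DllCall passes the address of a temporary DWORD (in/out),
; here the buffer size going in and the name length coming out.
$aRet = DllCall("kernel32.dll", "bool", "GetComputerNameW", "wstr", "", "dword*", 256)
If @error Then Exit 2
ConsoleWrite("Computer name: " & $aRet[1] & " (" & $aRet[2] & " chars)" & @CRLF)

; Point 2c: structured data has to live in a DllStruct and be passed by pointer.
Local $tTime = DllStructCreate("word Year;word Month;word DayOfWeek;word Day;" & _
        "word Hour;word Minute;word Second;word Milliseconds")
DllCall("kernel32.dll", "none", "GetSystemTime", "ptr", DllStructGetPtr($tTime))
If @error Then Exit 3
ConsoleWrite(StringFormat("UTC date: %04d-%02d-%02d\n", _
        DllStructGetData($tTime, "Year"), _
        DllStructGetData($tTime, "Month"), _
        DllStructGetData($tTime, "Day")))
```
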
AMp, posted August 2, 2009, quoting Ascend4nt's post above in full:

You can inject code in a program to change the course of execution. I sent you a PM for additional information >_<

Anyone ever used Code Injection SUCCESSFULLY using Autoit? I would like to know some more about that too. Thanks in advance.

Kip, posted August 2, 2009 (edited):

> Anyone ever used Code Injection SUCCESSFULLY using Autoit?

Yes. Just search.

Edited August 2, 2009 by Kip

AMp, posted August 2, 2009:

> Yes. Just search.

Am already searching for a few days. Is this post meant to pump up your postcount?

trancexx, posted August 2, 2009:

Ahh you never know with Kip. He's just too damn proud to be 17900. It could be anything.

qingtianyu9, posted August 21, 2009:

help me, convert the code to autoit, thanks. c++ code:

```cpp
#include <windows.h>  // DWORD

// MSVC x86 inline assembly: loads EAX and EDX, then calls the routine
// at the hard-coded address held in Address.
void addmp()
{
    DWORD Address = 0x00452E98;
    __asm
    {
        pushad
        mov eax, 0xD51FA0
        mov edx, 0x453040
        call Address
        popad
    }
}
```

Kip, posted August 21, 2009 (edited):

> Am already searching for a few days. Is this post meant to pump up your postcount?

> Ahh you never know with Kip. He's just too damn proud to be 17900. It could be anything.

Why would I try to 'pump up' my post count? I already have 143 times more posts than you do.

I found a successful code injection within 30 seconds of searching for "assembly".

Searching... hard isn't it?

Edited August 21, 2009 by Kip

LacBuoc, posted September 1, 2019:

Can you give me an example, Assembly

Jos (Developers), posted September 1, 2019:

> 10 minutes ago, LacBuoc said: Can you give me an example, Assembly

You do realise you just resurrected a 10 years old thread and without any explanation what it is you want to do with it?

Jos

LacBuoc, posted September 1, 2019:

> Just now, Jos said: Do you realise you just resurrected a 10-year-old thread without any explanation of what you want to do with it? Jos

oww Sorry

Jos (Developers), posted September 1, 2019:

Ok, but what is the answer to my question: What are you trying to do with this?

Jos

LacBuoc, posted September 17, 2019:

> On 1/9/2019 at 19:02, Jos said: Do you realise you just resurrected a 10-year-old thread without any explanation of what you want to do with it? Jos

Autoit communicated with the Assembly assembly too I was really sad

Jos (Developers), posted September 17, 2019:

That answer is as clear as mud so guess we have an insurmountable language barrier.

Jos

JLogan3o13 (Moderators), posted September 17, 2019:

For the member that decided to report this post, usually when a Mod is active in the thread you can consider it handled. I would have thought that to be self-evident.